CVE-2014-8248 — SQL Injection in Release Automation

CWE-89 — SQL Injection3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

1.1%

top 21.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Release Automation

Timeline

PublishedDec 16

Latest updateMay 13

Description

SQL injection vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote authenticated users to execute arbitrary SQL commands via a crafted query.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

▶NVDbroadcom/release_automation4.7.1

🔴Vulnerability Details

GHSA

GHSA-m9hc-j9pp-2gwf: SQL injection vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4↗2022-05-13

▶

CVEList

CVE-2014-8248: SQL injection vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4↗2014-12-16

▶